kamal 1.8.3 → 2.7.0

data/lib/kamal/commands/prune.rb

@@ -9,7 +9,7 @@ class Kamal::Commands::Prune < Kamal::Commands::Base
   def tagged_images
     pipe \
       docker(:image, :ls, *service_filter, "--format", "'{{.ID}} {{.Repository}}:{{.Tag}}'"),
-      "grep -v -w \"#{active_image_list}\"",
+      grep("-v -w \"#{active_image_list}\""),
       "while read image tag; do docker rmi $tag; done"
   end
 
@@ -20,10 +20,6 @@ class Kamal::Commands::Prune < Kamal::Commands::Base
       "while read container_id; do docker rm $container_id; done"
   end
 
-  def healthcheck_containers
-    docker :container, :prune, "--force", *healthcheck_service_filter
-  end
-
   private
     def stopped_containers_filters
       [ "created", "exited", "dead" ].flat_map { |status| [ "--filter", "status=#{status}" ] }
@@ -39,8 +35,4 @@ class Kamal::Commands::Prune < Kamal::Commands::Base
     def service_filter
       [ "--filter", "label=service=#{config.service}" ]
     end
-
-    def healthcheck_service_filter
-      [ "--filter", "label=service=#{config.healthcheck_service}" ]
-    end
 end

data/lib/kamal/commands/registry.rb

@@ -1,14 +1,16 @@
 class Kamal::Commands::Registry < Kamal::Commands::Base
-  delegate :registry, to: :config
+  def login(registry_config: nil)
+    registry_config ||= config.registry
 
-  def login
     docker :login,
-      registry.server,
-      "-u", sensitive(Kamal::Utils.escape_shell_value(registry.username)),
-      "-p", sensitive(Kamal::Utils.escape_shell_value(registry.password))
+      registry_config.server,
+      "-u", sensitive(Kamal::Utils.escape_shell_value(registry_config.username)),
+      "-p", sensitive(Kamal::Utils.escape_shell_value(registry_config.password))
   end
 
-  def logout
-    docker :logout, registry.server
+  def logout(registry_config: nil)
+    registry_config ||= config.registry
+
+    docker :logout, registry_config.server
   end
 end

data/lib/kamal/commands/server.rb

@@ -1,5 +1,15 @@
 class Kamal::Commands::Server < Kamal::Commands::Base
   def ensure_run_directory
-    [ :mkdir, "-p", config.run_directory ]
+    make_directory config.run_directory
+  end
+
+  def remove_app_directory
+    remove_directory config.app_directory
+  end
+
+  def app_directory_count
+    pipe \
+      [ :ls, config.apps_directory ],
+      [ :wc, "-l" ]
   end
 end

data/lib/kamal/configuration/accessory.rb

@@ -1,9 +1,11 @@
 class Kamal::Configuration::Accessory
   include Kamal::Configuration::Validation
 
+  DEFAULT_NETWORK = "kamal"
+
   delegate :argumentize, :optionize, to: Kamal::Utils
 
-  attr_reader :name, :accessory_config, :env
+  attr_reader :name, :env, :proxy, :registry
 
   def initialize(name, config:)
     @name, @config, @accessory_config = name.inquiry, config, config.raw_config["accessories"][name]
@@ -14,10 +16,11 @@ class Kamal::Configuration::Accessory
       context: "accessories/#{name}",
       with: Kamal::Configuration::Validator::Accessory
 
-    @env = Kamal::Configuration::Env.new \
-      config: accessory_config.fetch("env", {}),
-      secrets_file: File.join(config.host_env_directory, "accessories", "#{service_name}.env"),
-      context: "accessories/#{name}/env"
+    ensure_valid_roles
+
+    @env = initialize_env
+    @proxy = initialize_proxy if running_proxy?
+    @registry = initialize_registry if accessory_config["registry"].present?
   end
 
   def service_name
@@ -25,11 +28,11 @@ class Kamal::Configuration::Accessory
   end
 
   def image
-    accessory_config["image"]
+    [ registry&.server, accessory_config["image"] ].compact.join("/")
   end
 
   def hosts
-    hosts_from_host || hosts_from_hosts || hosts_from_roles
+    hosts_from_host || hosts_from_hosts || hosts_from_roles || hosts_from_tags
   end
 
   def port
@@ -38,6 +41,10 @@ class Kamal::Configuration::Accessory
     end
   end
 
+  def network_args
+    argumentize "--network", network
+  end
+
   def publish_args
     argumentize "--publish", port if port
   end
@@ -51,7 +58,19 @@ class Kamal::Configuration::Accessory
   end
 
   def env_args
-    env.args
+    [ *env.clear_args, *argumentize("--env-file", secrets_path) ]
+  end
+
+  def env_directory
+    File.join(config.env_directory, "accessories")
+  end
+
+  def secrets_io
+    env.secrets_io
+  end
+
+  def secrets_path
+    File.join(config.env_directory, "accessories", "#{name}.env")
   end
 
   def files
@@ -88,8 +107,34 @@ class Kamal::Configuration::Accessory
     accessory_config["cmd"]
   end
 
+  def running_proxy?
+    accessory_config["proxy"].present?
+  end
+
   private
-    attr_accessor :config
+    attr_reader :config, :accessory_config
+
+    def initialize_env
+      Kamal::Configuration::Env.new \
+        config: accessory_config.fetch("env", {}),
+        secrets: config.secrets,
+        context: "accessories/#{name}/env"
+    end
+
+    def initialize_proxy
+      Kamal::Configuration::Proxy.new \
+        config: config,
+        proxy_config: accessory_config["proxy"],
+        context: "accessories/#{name}/proxy",
+        secrets: config.secrets
+    end
+
+    def initialize_registry
+      Kamal::Configuration::Registry.new \
+        config: accessory_config,
+        secrets: config.secrets,
+        context: "accessories/#{name}/registry"
+    end
 
     def default_labels
       { "service" => service_name }
@@ -111,7 +156,7 @@ class Kamal::Configuration::Accessory
     end
 
     def read_dynamic_file(local_file)
-      StringIO.new(ERB.new(IO.read(local_file)).result)
+      StringIO.new(ERB.new(File.read(local_file)).result)
     end
 
     def expand_remote_file(remote_file)
@@ -157,8 +202,40 @@ class Kamal::Configuration::Accessory
     end
 
     def hosts_from_roles
-      if accessory_config.key?("roles")
-        accessory_config["roles"].flat_map { |role| config.role(role).hosts }
+      if accessory_config.key?("role")
+       config.role(accessory_config["role"])&.hosts
+      elsif accessory_config.key?("roles")
+        accessory_config["roles"].flat_map { |role| config.role(role)&.hosts }
+      end
+    end
+
+    def hosts_from_tags
+      if accessory_config.key?("tag")
+        extract_hosts_from_config_with_tag(accessory_config["tag"])
+      elsif accessory_config.key?("tags")
+        accessory_config["tags"].flat_map { |tag| extract_hosts_from_config_with_tag(tag) }
+      end
+    end
+
+    def extract_hosts_from_config_with_tag(tag)
+      if (servers_with_roles = config.raw_config.servers).is_a?(Hash)
+        servers_with_roles.flat_map do |role, servers_in_role|
+          servers_in_role.filter_map do |host|
+            host.keys.first if host.is_a?(Hash) && host.values.first.include?(tag)
+          end
+        end
+      end
+    end
+
+    def network
+      accessory_config["network"] || DEFAULT_NETWORK
+    end
+
+    def ensure_valid_roles
+      if accessory_config["roles"] && (missing_roles = accessory_config["roles"] - config.roles.map(&:name)).any?
+        raise Kamal::ConfigurationError, "accessories/#{name}: unknown roles #{missing_roles.join(", ")}"
+      elsif accessory_config["role"] && !config.role(accessory_config["role"])
+        raise Kamal::ConfigurationError, "accessories/#{name}: unknown role #{accessory_config["role"]}"
       end
     end
 end

data/lib/kamal/configuration/alias.rb

@@ -0,0 +1,15 @@
+class Kamal::Configuration::Alias
+  include Kamal::Configuration::Validation
+
+  attr_reader :name, :command
+
+  def initialize(name, config:)
+    @name, @command = name.inquiry, config.raw_config["aliases"][name]
+
+    validate! \
+      command,
+      example: validation_yml["aliases"]["uname"],
+      context: "aliases/#{name}",
+      with: Kamal::Configuration::Validator::Alias
+  end
+end

data/lib/kamal/configuration/builder.rb

@@ -19,28 +19,58 @@ class Kamal::Configuration::Builder
     builder_config
   end
 
-  def multiarch?
-    builder_config["multiarch"] != false
+  def remote
+    builder_config["remote"]
   end
 
-  def local?
-    !!builder_config["local"]
+  def arches
+    Array(builder_config.fetch("arch", default_arch))
+  end
+
+  def local_arches
+    @local_arches ||= if local_disabled?
+      []
+    elsif remote
+      arches & [ Kamal::Utils.docker_arch ]
+    else
+      arches
+    end
+  end
+
+  def remote_arches
+    @remote_arches ||= if remote
+      arches - local_arches
+    else
+      []
+    end
   end
 
   def remote?
-    !!builder_config["remote"]
+    remote_arches.any?
+  end
+
+  def local?
+    !local_disabled? && (arches.empty? || local_arches.any?)
+  end
+
+  def cloud?
+    driver.start_with? "cloud"
   end
 
   def cached?
     !!builder_config["cache"]
   end
 
+  def pack?
+    !!builder_config["pack"]
+  end
+
   def args
     builder_config["args"] || {}
   end
 
   def secrets
-    builder_config["secrets"] || []
+    (builder_config["secrets"] || []).to_h { |key| [ key, config.secrets[key] ] }
   end
 
   def dockerfile
@@ -55,20 +85,20 @@ class Kamal::Configuration::Builder
     builder_config["context"] || "."
   end
 
-  def local_arch
-    builder_config["local"]["arch"] if local?
+  def driver
+    builder_config.fetch("driver", "docker-container")
   end
 
-  def local_host
-    builder_config["local"]["host"] if local?
+  def pack_builder
+    builder_config["pack"]["builder"] if pack?
   end
 
-  def remote_arch
-    builder_config["remote"]["arch"] if remote?
+  def pack_buildpacks
+    builder_config["pack"]["buildpacks"] if pack?
   end
 
-  def remote_host
-    builder_config["remote"]["host"] if remote?
+  def local_disabled?
+    builder_config["local"] == false
   end
 
   def cache_from
@@ -97,6 +127,14 @@ class Kamal::Configuration::Builder
     builder_config["ssh"]
   end
 
+  def provenance
+    builder_config["provenance"]
+  end
+
+  def sbom
+    builder_config["sbom"]
+  end
+
   def git_clone?
     Kamal::Git.used? && builder_config["context"].nil?
   end
@@ -114,7 +152,23 @@ class Kamal::Configuration::Builder
       end
   end
 
+  def docker_driver?
+    driver == "docker"
+  end
+
   private
+    def valid?
+      if docker_driver?
+        raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support remote builders" if remote
+        raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support caching" if cached?
+        raise ArgumentError, "Invalid builder configuration: the `docker` driver does not not support multiple arches" if arches.many?
+      end
+
+      if @options["cache"] && @options["cache"]["type"]
+        raise ArgumentError, "Invalid cache type: #{@options["cache"]["type"]}" unless [ "gha", "registry" ].include?(@options["cache"]["type"])
+      end
+    end
+
     def cache_image
       builder_config["cache"]&.fetch("image", nil) || "#{image}-build-cache"
     end
@@ -136,7 +190,7 @@ class Kamal::Configuration::Builder
     end
 
     def cache_to_config_for_registry
-      [ "type=registry", builder_config["cache"]&.fetch("options", nil), "ref=#{cache_image_ref}" ].compact.join(",")
+      [ "type=registry", "ref=#{cache_image_ref}", builder_config["cache"]&.fetch("options", nil) ].compact.join(",")
     end
 
     def repo_basename
@@ -150,4 +204,8 @@ class Kamal::Configuration::Builder
     def pwd_sha
       Digest::SHA256.hexdigest(Dir.pwd)[0..12]
     end
+
+    def default_arch
+      docker_driver? ? [] : [ "amd64", "arm64" ]
+    end
 end

data/lib/kamal/configuration/docs/accessory.yml

@@ -3,48 +3,71 @@
 # Accessories can be booted on a single host, a list of hosts, or on specific roles.
 # The hosts do not need to be defined in the Kamal servers configuration.
 #
-# Accessories are managed separately from the main service - they are not updated
-# when you deploy and they do not have zero-downtime deployments.
+# Accessories are managed separately from the main service — they are not updated
+# when you deploy, and they do not have zero-downtime deployments.
 #
 # Run `kamal accessory boot <accessory>` to boot an accessory.
 # See `kamal accessory --help` for more information.
 
 # Configuring accessories
 #
-# First define the accessory in the `accessories`
+# First, define the accessory in the `accessories`:
 accessories:
   mysql:
 
     # Service name
     #
-    # This is used in the service label and defaults to `<service>-<accessory>`
-    # where `<service>` is the main service name from the root configuration
+    # This is used in the service label and defaults to `<service>-<accessory>`,
+    # where `<service>` is the main service name from the root configuration:
     service: mysql
 
     # Image
     #
-    # The Docker image to use, prefix with a registry if not using Docker hub
+    # The Docker image to use.
+    # Prefix it with its server when using root level registry different from Docker Hub.
+    # Define registry directly or via anchors when it differs from root level registry.
     image: mysql:8.0
 
+    # Registry
+    #
+    # By default accessories use Docker Hub registry.
+    # You can specify different registry per accessory with this option.
+    # Don't prefix image with this registry server.
+    # Use anchors if you need to set the same specific registry for several accessories.
+    #
+    # ```yml
+    # registry:
+    #   <<: *specific-registry
+    # ```
+    #
+    # See kamal docs registry for more information:
+    registry:
+      ...
+
     # Accessory hosts
     #
-    # Specify one  of `host`, `hosts` or `roles`
+    # Specify one of `host`, `hosts`, `role`, `roles`, `tag` or `tags`:
     host: mysql-db1
     hosts:
       - mysql-db1
       - mysql-db2
+    role: mysql
     roles:
       - mysql
+    tag: writer
+    tags:
+      - writer
+      - reader
 
     # Custom command
     #
-    # You can set a custom command to run in the container, if you do not want to use the default
+    # You can set a custom command to run in the container if you do not want to use the default:
     cmd: "bin/mysqld"
 
     # Port mappings
     #
-    # See https://docs.docker.com/network/, especially note the warning about the security
-    # implications of exposing ports publicly.
+    # See [https://docs.docker.com/network/](https://docs.docker.com/network/), and
+    # especially note the warning about the security implications of exposing ports publicly.
     port: "127.0.0.1:3306:3306"
 
     # Labels
@@ -52,20 +75,22 @@ accessories:
       app: myapp
 
     # Options
-    # These are passed to the Docker run command in the form `--<name> <value>`
+    #
+    # These are passed to the Docker run command in the form `--<name> <value>`:
     options:
       restart: always
       cpus: 2
 
     # Environment variables
-    # See kamal docs env for more information
+    #
+    # See kamal docs env for more information:
     env:
       ...
 
     # Copying files
     #
     # You can specify files to mount into the container.
-    # The format is `local:remote` where `local` is the path to the file on the local machine
+    # The format is `local:remote`, where `local` is the path to the file on the local machine
     # and `remote` is the path to the file in the container.
     #
     # They will be uploaded from the local repo to the host and then mounted.
@@ -78,13 +103,26 @@ accessories:
     # Directories
     #
     # You can specify directories to mount into the container. They will be created on the host
-    # before being mounted
+    # before being mounted:
     directories:
       - mysql-logs:/var/log/mysql
 
     # Volumes
     #
     # Any other volumes to mount, in addition to the files and directories.
-    # They are not created or copied before mounting
+    # They are not created or copied before mounting:
     volumes:
       - /path/to/mysql-logs:/var/log/mysql
+
+    # Network
+    #
+    # The network the accessory will be attached to.
+    #
+    # Defaults to kamal:
+    network: custom
+
+    # Proxy
+    #
+    # You can run your accessory behind the Kamal proxy. See kamal docs proxy for more information
+    proxy:
+      ...

data/lib/kamal/configuration/docs/alias.yml

@@ -0,0 +1,26 @@
+# Aliases
+#
+# Aliases are shortcuts for Kamal commands.
+#
+# For example, for a Rails app, you might open a console with:
+#
+# ```shell
+# kamal app exec -i --reuse "bin/rails console"
+# ```
+#
+# By defining an alias, like this:
+aliases:
+  console: app exec -i --reuse "bin/rails console"
+# You can now open the console with:
+#
+# ```shell
+# kamal console
+# ```
+
+# Configuring aliases
+#
+# Aliases are defined in the root config under the alias key.
+#
+# Each alias is named and can only contain lowercase letters, numbers, dashes, and underscores:
+aliases:
+  uname: app exec -p -q -r web "uname -a"

data/lib/kamal/configuration/docs/boot.yml

@@ -2,18 +2,18 @@
 #
 # When deploying to large numbers of hosts, you might prefer not to restart your services on every host at the same time.
 #
-# Kamal’s default is to boot new containers on all hosts in parallel. But you can control this with the boot configuration.
+# Kamal’s default is to boot new containers on all hosts in parallel. However, you can control this with the boot configuration.
 
 # Fixed group sizes
 #
-# Here we boot 2 hosts at a time with a 10 second gap between each group.
+# Here, we boot 2 hosts at a time with a 10-second gap between each group:
 boot:
   limit: 2
   wait: 10
 
 # Percentage of hosts
 #
-# Here we boot 25% of the hosts at a time with a 2 second gap between each group.
+# Here, we boot 25% of the hosts at a time with a 2-second gap between each group:
 boot:
   limit: 25%
   wait: 2